The right thing, by the way, is for the casino to request a return address (address A), then generate a new address (address B), and link them in a database so that earnings made with BTC deposited to address B will only be returned to address A.
Yes, you should insist that customers give you a refund/cash-out address BEFORE you give them the funding address.
I think this is the wrong approach and will give you problems down the line even if you're dogmatic about sticking to your recommended "solution".
You're essentially asking the unwilling recipient of the funds to participate in laundering them.
Imagine this scenario:
1 ) We have a casino using the kjj/Gavinandresen scheme.
2 ) Hacker says he wishes to deposit bitcoins and supplies them with a return address A.
3 ) Casino generates funding address B and gives it to hacker.
4 ) Hacker steals large amount of bitcoins and sends them to B.
5 ) Casino gets a bit suspicious and to avoid liability as per kjj/Gavin's scheme sends them to agreed return address "A"
6 ) Police investigate theft and want to get their hands on the money (to return it). They catch the hacker but don't get the private key for A. Perhaps the hacker was supplied with A by the person paying him. Anyway, they find out somehow that the bitcoins were sent to the casino.
7 ) Police go to the casino and ask for the stolen bitcoins.
8 ) Casino says "Yes we did have them but we sent them to A".
9 ) Police accuse the casino of helping the hacker launder the coins.
You would also have to address the situation in which step 5 is "Before theft is discovered, Hacker rings up casino and asks for deposited funds to be returned due to 'urgent unforseen expenses'" - a perfectly legitimate sounding reason many legitimate clients would use when asking for funds back from their casino account.
If, instead of sending them to A, the casino hangs on to the funds until the police investigate then the casino can send the bitcoins to the police but then the public might accuse the hacker and the police of working together to steal the coins. Ok the police might eventually generate a transaction which can be seen to return the coins to the rightful owner but that may be years down the line after the case has gone through the courts. Until then, the casino is under suspicion. Also, while the casino has the coins (which might be a lot more than their company is worth) they'd better be sure their internal security is good enough to stop an employee getting their private keys!
The only way the casino can instantly avoid liability or suspicion from an unwanted payment is by returning the coins whence they came. Everyone can see that the situation has been returned to the status quo ante.
If you wish to firefight these cases, I have plenty more awkward situations to discuss. This should be a good thread.
ByteCoin